crypto: support EC private keys
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1324
parent
ebdf3bd376
commit
1d614dbded
|
@ -1634,6 +1634,8 @@ EXTRA_DIST += \
|
|||
src/libnm-core-impl/tests/certs/test2_key_and_cert.pem \
|
||||
src/libnm-core-impl/tests/certs/test-aes-128-key.pem \
|
||||
src/libnm-core-impl/tests/certs/test-aes-256-key.pem \
|
||||
src/libnm-core-impl/tests/certs/test-aes-128-ec-key.pem \
|
||||
src/libnm-core-impl/tests/certs/test-aes-256-ec-key.pem \
|
||||
src/libnm-core-impl/tests/certs/test_ca_cert.der \
|
||||
src/libnm-core-impl/tests/certs/test_ca_cert.pem \
|
||||
src/libnm-core-impl/tests/certs/test-ca-cert.pem \
|
||||
|
@ -1642,6 +1644,8 @@ EXTRA_DIST += \
|
|||
src/libnm-core-impl/tests/certs/test-key-and-cert.pem \
|
||||
src/libnm-core-impl/tests/certs/test-key-only-decrypted.der \
|
||||
src/libnm-core-impl/tests/certs/test-key-only-decrypted.pem \
|
||||
src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.der \
|
||||
src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.pem \
|
||||
src/libnm-core-impl/tests/certs/test-key-only.pem \
|
||||
src/libnm-core-impl/tests/certs/test-tpm2wrapped-key.pem \
|
||||
src/libnm-core-impl/tests/nm-core-tests-enum-types.c.template \
|
||||
|
|
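--- a/src/libnm-core-impl/tests/certs/test-aes-128-ec-key.pem
+++ b/src/libnm-core-impl/tests/certs/test-aes-128-ec-key.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,D6E024FACA9CFFE6B0296EBC848BC80C
+
+vOzvGfSmNKRGMxIlB474A3ZHYqNj0NEuJQxEYV2roY+kAWN4+zdk7I+dbGRbjlgz
+lS0NBIrTEmyPugYEWnaccxKfTTJz5U1OxT/AZVVmJuD/5lh2H2qZUkFs6d10X5zd
+0gsn6OwV+2j9rrWyEcgH8WOwqgiN+LaWihLhGMKaWI0=
+-----END EC PRIVATE KEY-----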
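--- a/src/libnm-core-impl/tests/certs/test-aes-256-ec-key.pem
+++ b/src/libnm-core-impl/tests/certs/test-aes-256-ec-key.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,8337BC213C3280DC1884C61562719552
+
+Kcdf9l8gAMkN1fb0PGpFRD1VQIGQbB55yCBLMwRBbG1XQ9rVjnP+Zl0CdDzncKXt
+yLFpAAgNUahsaVJyc8/suKl8pj2VfJK8m0NUIrWWQu/KyaFTS6I30hwLJ0WATBMm
+GMb2CiAqlk6U+EqtZxNmgf6SCEGUV/oTCF0AqNFKiXM=
+-----END EC PRIVATE KEY-----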
BIN
src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.der
Normal file
BIN
src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.der
Normal file
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIPw/e9RgNcs2cMrKn+KnxNCGC1UrcOH9S0xm5e1GxJqRoAoGCCqGSM49
|
||||
AwEHoUQDQgAEbA5LlfyjMwuyuIcBr+fk1l71EKC6NttJCGjXGexUOTGsjhVgXHjT
|
||||
cc2EohzF94Zs4EjYce3aQe4YsA11YMuRaQ==
|
||||
-----END EC PRIVATE KEY-----
|
|
@ -111,7 +111,7 @@ test_load_private_key(const char *path,
|
|||
|
||||
array = nmtst_crypto_decrypt_openssl_private_key(path, password, &key_type, &error);
|
||||
/* Even if the password is wrong, we should determine the key type */
|
||||
g_assert_cmpint(key_type, ==, NM_CRYPTO_KEY_TYPE_RSA);
|
||||
g_assert_cmpint(key_type, !=, NM_CRYPTO_KEY_TYPE_UNKNOWN);
|
||||
|
||||
if (expected_error != -1) {
|
||||
g_assert(array == NULL);
|
||||
|
@ -226,7 +226,7 @@ test_encrypt_private_key(const char *path, const char *password)
|
|||
|
||||
array = nmtst_crypto_decrypt_openssl_private_key(path, password, &key_type, &error);
|
||||
nmtst_assert_success(array, error);
|
||||
g_assert_cmpint(key_type, ==, NM_CRYPTO_KEY_TYPE_RSA);
|
||||
g_assert_cmpint(key_type, !=, NM_CRYPTO_KEY_TYPE_UNKNOWN);
|
||||
|
||||
/* Now re-encrypt the private key */
|
||||
encrypted = nmtst_crypto_rsa_key_encrypt(g_bytes_get_data(array, NULL),
|
||||
|
@ -244,7 +244,7 @@ test_encrypt_private_key(const char *path, const char *password)
|
|||
&key_type,
|
||||
&error);
|
||||
nmtst_assert_success(re_decrypted, error);
|
||||
g_assert_cmpint(key_type, ==, NM_CRYPTO_KEY_TYPE_RSA);
|
||||
g_assert_cmpint(key_type, !=, NM_CRYPTO_KEY_TYPE_UNKNOWN);
|
||||
|
||||
/* Compare the original decrypted key with the re-decrypted key */
|
||||
g_assert(g_bytes_equal(array, re_decrypted));
|
||||
|
@ -452,12 +452,21 @@ main(int argc, char **argv)
|
|||
g_test_add_data_func("/libnm/crypto/key/aes-128",
|
||||
"test-aes-128-key.pem, test-aes-password",
|
||||
test_key);
|
||||
g_test_add_data_func("/libnm/crypto/key/aes-128-ec",
|
||||
"test-aes-128-ec-key.pem, test-aes-password",
|
||||
test_key);
|
||||
g_test_add_data_func("/libnm/crypto/key/aes-256",
|
||||
"test-aes-256-key.pem, test-aes-password",
|
||||
test_key);
|
||||
g_test_add_data_func("/libnm/crypto/key/aes-256-ec",
|
||||
"test-aes-256-ec-key.pem, test-aes-password",
|
||||
test_key);
|
||||
g_test_add_data_func("/libnm/crypto/key/decrypted",
|
||||
"test-key-only-decrypted.pem",
|
||||
test_key_decrypted);
|
||||
g_test_add_data_func("/libnm/crypto/key/decrypted-ec",
|
||||
"test-ec-key-only-decrypted.pem",
|
||||
test_key_decrypted);
|
||||
|
||||
g_test_add_data_func("/libnm/crypto/PKCS#12/1", "test-cert.p12, test", test_pkcs12);
|
||||
g_test_add_data_func("/libnm/crypto/PKCS#12/2", "test2-cert.p12, 12345testing", test_pkcs12);
|
||||
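Review bot: The assertions relaxed from `== NM_CRYPTO_KEY_TYPE_RSA` to `!= NM_CRYPTO_KEY_TYPE_UNKNOWN` in test_load_private_key and test_encrypt_private_key (three places) now accept any recognised type, so a key file classified as the wrong algorithm would still pass. Each case registered in main() knows which type it expects, so the expected NMCryptoKeyType could be passed down with the test data and checked exactly, for example `g_assert_cmpint(key_type, ==, expected_key_type);` where `expected_key_type` is a proposed new parameter. test_encrypt_private_key also still re-encrypts through nmtst_crypto_rsa_key_encrypt; if that helper writes an RSA PEM header (its body is not visible here), an EC key would come back reported as RSA and the relaxed check would hide it. All of these functions begin and end outside the hunks shown.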
|
|
|
@ -25,6 +25,9 @@
|
|||
#define PEM_DSA_KEY_BEGIN "-----BEGIN DSA PRIVATE KEY-----"
|
||||
#define PEM_DSA_KEY_END "-----END DSA PRIVATE KEY-----"
|
||||
|
||||
#define PEM_EC_KEY_BEGIN "-----BEGIN EC PRIVATE KEY-----"
|
||||
#define PEM_EC_KEY_END "-----END EC PRIVATE KEY-----"
|
||||
|
||||
#define PEM_CERT_BEGIN "-----BEGIN CERTIFICATE-----"
|
||||
#define PEM_CERT_END "-----END CERTIFICATE-----"
|
||||
|
||||
|
@ -201,6 +204,10 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
key_type = NM_CRYPTO_KEY_TYPE_DSA;
|
||||
start_tag = PEM_DSA_KEY_BEGIN;
|
||||
end_tag = PEM_DSA_KEY_END;
|
||||
} else if (find_tag(PEM_EC_KEY_BEGIN, data, data_len, 0, &start)) {
|
||||
key_type = NM_CRYPTO_KEY_TYPE_EC;
|
||||
start_tag = PEM_EC_KEY_BEGIN;
|
||||
end_tag = PEM_EC_KEY_END;
|
||||
} else {
|
||||
g_set_error(error,
|
||||
_NM_CRYPTO_ERROR,
|
||||
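Review bot: The new `PEM_EC_KEY_BEGIN` branch in parse_old_openssl_key_file has no comment saying which encoding it accepts or what protection the encrypted variant offers. The fixtures added by this commit use the traditional `Proc-Type: 4,ENCRYPTED` / `DEK-Info` PEM scheme, which derives the cipher key from the password with a single-iteration MD5-based KDF and so gives little resistance to offline password guessing. A comment on the branch would record that, e.g. `/* SEC1 "EC PRIVATE KEY"; the encrypted form is legacy PEM encryption with a weak password KDF, PKCS#8 is preferable for new keys */`. The code after this if-chain is outside the hunk, so it is worth confirming that the decrypt and verify steps that consume `key_type` handle `NM_CRYPTO_KEY_TYPE_EC` rather than assuming RSA or DSA.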
|
|
|
@ -29,7 +29,8 @@ const NMCryptoCipherInfo *nm_crypto_cipher_get_info_by_name(const char *cipher_n
|
|||
typedef enum {
|
||||
NM_CRYPTO_KEY_TYPE_UNKNOWN = 0,
|
||||
NM_CRYPTO_KEY_TYPE_RSA,
|
||||
NM_CRYPTO_KEY_TYPE_DSA
|
||||
NM_CRYPTO_KEY_TYPE_DSA,
|
||||
NM_CRYPTO_KEY_TYPE_EC,
|
||||
} NMCryptoKeyType;
|
||||
|
||||
typedef enum {
|
||||
|
|